A Software Bill of Materials (SBOM) is a machine-readable inventory of the components that make up an application, and it is the artifact on which dependency monitoring and compliance evidence are built. A good SBOM program enables continuous monitoring of application dependencies, rapid alerting when a new vulnerability (including a zero-day) is disclosed in a component you ship, and readiness for U.S. Federal and international compliance requirements. We build an organizational roadmap for your SBOM journey, including goal setting, developer training, selection of environment-specific toolsets, and support with implementation.
Interlynk specializes in the SBOM specifications and formats (such as SPDX and CycloneDX), their evolution over time, and readiness for new features as each specification adds them. Interlynk offers custom solutions that abstract SBOM specifications and formats behind easy-to-use libraries and APIs. Alongside attestation and signing, this layer can power SBOM export and sharing, component redaction, vulnerability mapping, and license verification.
Interlynk provides custom solutions for monitoring vulnerabilities and exploitability across the entire software supply chain, with or without an SBOM. This monitoring includes registering and disambiguating open source components (resolving each one to the exact name and ecosystem the databases use) and is combined with alerting when new vulnerabilities are published in vulnerability databases such as OSV, VulnDB, and the GitHub Advisory Database.
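To make the vulnerability mapping and cross-database monitoring described above concrete, here is a Python example added to this page; it is not Interlynk's code or any of its open-source tools. It reads a constructed CycloneDX SBOM, extracts each component's package URL (purl), builds the request body that the public OSV `/v1/querybatch` endpoint accepts, and matches the components offline against a constructed advisory feed in OSV's `affected`/`ranges` shape. The package names, versions and `EXAMPLE-*` advisory identifiers are all made up for the illustration and are not real vulnerabilities; the PyPI name normalisation illustrates the kind of component disambiguation the paragraph refers to.

```python
import json
import re

# Constructed CycloneDX 1.4 document for this example; the package names and
# versions are hypothetical and do not refer to real projects.
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "acme-widgets", "version": "1.4.2",
         "purl": "pkg:npm/acme-widgets@1.4.2"},
        {"type": "library", "name": "Acme_Parse", "version": "0.9.0",
         "purl": "pkg:pypi/Acme_Parse@0.9.0"},
        {"type": "library", "group": "com.example", "name": "acme-core",
         "version": "3.2.0", "purl": "pkg:maven/com.example/acme-core@3.2.0"},
    ],
})

# Constructed advisory feed in the shape OSV returns; the EXAMPLE-* ids and all
# version ranges are made up and are not real vulnerabilities.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "affected": [{
        "package": {"ecosystem": "npm", "name": "acme-widgets"},
        "ranges": [{"type": "ECOSYSTEM",
                    "events": [{"introduced": "0"}, {"fixed": "1.4.3"}]}]}]},
    {"id": "EXAMPLE-0002", "affected": [{
        "package": {"ecosystem": "PyPI", "name": "acme-parse"},
        "ranges": [{"type": "ECOSYSTEM",
                    "events": [{"introduced": "0.8.0"}, {"fixed": "0.9.0"}]}]}]},
    {"id": "EXAMPLE-0003", "affected": [{
        "package": {"ecosystem": "Maven", "name": "com.example:acme-core"},
        "ranges": [{"type": "ECOSYSTEM",
                    "events": [{"introduced": "3.0.0"}, {"fixed": "3.2.1"}]}]}]},
]

# purl type -> OSV ecosystem label (a subset sufficient for this example).
PURL_ECOSYSTEM = {"npm": "npm", "pypi": "PyPI", "maven": "Maven"}


def parse_purl(purl):
    """Split pkg:type/namespace/name@version into (type, namespace, name, version);
    qualifiers (?...) and subpath (#...) are dropped."""
    body = purl.split("pkg:", 1)[1].split("?", 1)[0].split("#", 1)[0]
    path, _, version = body.partition("@")
    ptype, _, rest = path.partition("/")
    namespace, _, name = rest.rpartition("/")
    return ptype.lower(), namespace or None, name, version or None


def canonical_name(ecosystem, name):
    """Disambiguate spellings: PyPI names are case-insensitive and treat
    '-', '_' and '.' as equivalent (PEP 503); other ecosystems are exact."""
    if ecosystem == "PyPI":
        return re.sub(r"[-_.]+", "-", name).lower()
    return name


def components_from_cyclonedx(text):
    """Return the purl of every component in a CycloneDX JSON document."""
    doc = json.loads(text)
    return [c["purl"] for c in doc.get("components", []) if "purl" in c]


def osv_query_batch(purls):
    """Build the request body for a POST to OSV's /v1/querybatch endpoint."""
    return {"queries": [{"package": {"purl": p}} for p in purls]}


def version_key(v):
    """Order dotted numeric versions; non-numeric parts count as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))


def is_affected(version, events):
    """Walk an OSV ECOSYSTEM range in version order: the version is affected
    if the last event at or below it is 'introduced' rather than 'fixed'."""
    ordered = sorted(events, key=lambda e: version_key(next(iter(e.values()))))
    affected = False
    for ev in ordered:
        if "introduced" in ev and version_key(ev["introduced"]) <= version_key(version):
            affected = True
        elif "fixed" in ev and version_key(ev["fixed"]) <= version_key(version):
            affected = False
    return affected


def match_advisories(purls, advisories):
    """Map each purl to the ids of advisories whose affected ranges include it."""
    hits = {}
    for purl in purls:
        ptype, namespace, name, version = parse_purl(purl)
        ecosystem = PURL_ECOSYSTEM.get(ptype)
        hits[purl] = []
        if version is None or ecosystem is None:
            continue  # cannot match without a version and a known ecosystem
        osv_name = f"{namespace}:{name}" if ptype == "maven" else name
        osv_name = canonical_name(ecosystem, osv_name)
        for adv in advisories:
            for aff in adv["affected"]:
                pkg = aff["package"]
                if (pkg["ecosystem"] != ecosystem
                        or canonical_name(ecosystem, pkg["name"]) != osv_name):
                    continue
                for rng in aff.get("ranges", []):
                    if rng["type"] == "ECOSYSTEM" and is_affected(version, rng["events"]):
                        hits[purl].append(adv["id"])
    return hits
```

Running `match_advisories(components_from_cyclonedx(SBOM_JSON), ADVISORIES)` flags the npm and Maven components and leaves the PyPI one clean, because 0.9.0 is exactly its `fixed` version; the `fixed` boundary being exclusive is the detail most home-grown matchers get wrong. In a real deployment the `osv_query_batch` body is what you would POST on every SBOM change and on a schedule, so that a component is re-checked as new advisories land.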
Securing the software supply chain requires a coordinated effort between Application Security, DevOps, Compliance, and Procurement, with management support. Interlynk's training program incrementally prepares each part of the organization for securing the supply chain and equips them with open-source or custom toolsets, including tools for SLSA, SBOM, VEX, Sigstore, and attestations.
A Software Supply Chain Security program aims to catalog every software component across the entire supply chain, open source or proprietary; uncover their vulnerabilities; and set up monitoring of their provenance. Because the outcome depends heavily on the programming ecosystem, the development and deployment environment, and the depth of the supply chain, the details of the program vary significantly.
Yes. Interlynk has already open-sourced several tools to help early-adopter organizations implement SBOM programs. In addition, we offer co-development services to build SBOM programs tailored to your organizational needs.
Interlynk's mission is to make software risk coordination easy and effective. Executive Order 14028 and the related requirements from agencies such as the FDA and OMB for SBOMs and self-attestations are specific instances of that coordination. Interlynk can help build the artifacts and reports that meet all related requirements.